Dynamic scanning (DAST)
AppScan 360° can perform dynamic analysis of an application that runs in a browser or a web API. Use the configuration options available in AppScan 360°, or upload an AppScan Standard configuration (template file) or a full scan file.
![](Graphics/DAST_wiz0.png)
Option | Description |
---|---|
Create a new scan | Configure and run your scan in using the AppScan 360° wizard options.
|
Upload template file | If you have an AppScan Standard template
(SCANT) file, you can use it as the configuration for your AppScan 360° scan. This lets you benefit from all the
configuration options available in AppScan Standard. An AppScan Standard template also includes the
login recording and multistep configuration. The template does not include a Manual Explore, but you can upload a traffic recording (DAST.CONFIG file) to ensure that specific parts of the application are covered. |
Upload scan file | If you have an AppScan Standard scan
(SCAN) file, you can use it as the configuration for your AppScan 360° scan. Manual Explore, Multistep operations, and Web API files such as a Postman Collection saved in the SCAN file are included in the scan. You can run a full scan or use the existing Explore date from the file and run only the Test stage of the scan. |
Scanning web APIs
When scanning a web API, be aware of the following:
- Automatic Explore will not work for a web API, so you must provide a traffic recording. See Recording traffic
- If you have a Postman Collection, you can import it to AppScan Standard, save as a SCAN file, and then Create a new scan from a scan file.
Related topics
- Recording traffic
- Using AppScan Standard scans or templates
- Scanning sites that use client certificates